CLAIMS

1. A method of managing identity information on behalf of network services, the method
comprising the steps of:

obtaining a first meta data record describing a first of said network services; and
utilizing said first meta data record to obtain a first service data record containing first
identity management information for a user of the first network service.

2. The method of claim 1, further comprising the step of utilizing the first meta data
record to create a user interface for the user of the first network service to enable the user to
view said first identity management information.

3. The method of claim 1, further comprising the step of utilizing the first meta data 
record to create a first user interface for the user of the first network service to enable the user to 
modify said first identity management information. 

4. The method of claim 2, wherein the first user interface is dynamically configured 
during creation according to field information contained in the first meta data record. 

5. The method of claim 1, further comprising: 

obtaining a second meta data record describing a second of said network services; and 
utilizing said second meta data record to obtain a second service data record containing 
second identity management information for a second user of the second network service. 

6. The method of claim 5, further comprising the step of utilizing the second meta data
record to create a second user interface for the user of the second network service to enable the 
second user to view said second identity management information. 

7. The method of claim 1, wherein the first identity management information includes 
first network service provisioning information for the user of the first network service.

8. The method of claim 1, further comprising the step of denying access to the first
network service where the first identity management information indicates that the user is not 
provisioned on the first network service. 

9. A method of fulfilling identity management information requests from a network user, 
comprising: 

obtaining meta data associated with a network service; 

using the meta data to present an identity management user interface to a user of the
network service; and 

populating the identity management user interface with identity information associated 
with the user. 

10. The method of claim 9, wherein the step of populating the identity management user 
interface comprises: 

receiving a request for identity management information for the network service from the 
network user over the user interface; 

obtaining the identity information associated with the network user; and 
presenting the identity information to the network user via the user interface. 

11. The method of claim 10, wherein the step of obtaining the identity information 
comprises accessing an identity information database and retrieving a service record from said 
identity information database containing identity information associated with the network user. 

12. The method of claim 9, further comprising the step of modifying the identity 
information upon request of the network user. 

13. The method of claim 12, wherein the step of modifying the identity information 
comprises writing changes to the identity information to an identity information database.

14. The method of claim 13, further comprising the step of validating at least one of the
changes to the identity information and the identity information before writing the changes to the 
identity information to the identity information database. 

15. An identity management infrastructure, comprising:

an interface layer configured to receive first identity management requests from first 
network users of a first network service and second identity management requests from second 
network users of a second network service; 

a data access daemon configured to process the first and second identity management 
requests; and

a data access layer configured to enable the data access daemon to access identity 
management data from at least one identity management database in connection with processing 
the identity management requests. 

16. The identity management infrastructure of claim 15, wherein the data access layer
comprises an API configured to communicate with the data access daemon, and an API
configured to communicate with the identity management database containing the identity 
management data. 

17. The identity management infrastructure of claim 16, wherein the API is configured to
communicate with the database utilizing at least one of Embedded Structured Query Language
(ESQL), Open DataBase Connectivity (ODBC), Java DataBase Connectivity (JDBC), and 
Lightweight Data Access Protocol (LDAP). 

18. The identity management infrastructure of claim 15, wherein the data access daemon
comprises a communications layer configured to facilitate communications with the interface
layer, and a data access daemon core configured to provide identity management services. 

19. The identity management infrastructure of claim 18, wherein the data access daemon
core comprises an API configured to interact with meta data structures and service structures
retrieved from the identity management database.

20. The identity management infrastructure of claim 19, wherein the meta data structures
describe the network services, and wherein the service structures describe identity information 
associated with users of the network services. 

21. The identity management infrastructure of claim 18, wherein the data access daemon
core further comprises an authentication module configured to authenticate the first and second 
network users and an authorization module configured to assess authorization levels associated 
with the first and second network users. 

22. The identity management infrastructure of claim 18, wherein the data access daemon 
core further comprises a validation module configured to validate data prior to modification of 
data in the database. 